Threatlist: Dark Web Markets See an Evolution in Q3

Vulnerabilities, stolen credentials and an evolution of marketplaces mark the Dark Web in Q3.

In the wake of Hansa and AlphaBay being dismantled on the Dark Web, Dream Market and Wall Street Market have become the largest marketplaces in the criminal underground, according to Q3 analysis from McAfee. Meanwhile, vulnerabilities and stolen credentials continue to dominate the cybercriminal discussion.

Illicit playgrounds for selling narcotics, hacking tools, hackers for hire and data records, these markets continue to thrive even in the wake of law enforcement action. According to threat research out this month from McAfee, the disruption of Hansa and AlphaBay created a ripple effect during the quarter, driving cybercriminals to competing, smaller markets, including Dream Market, Wall Street Market and Olympus Market.

However, “Olympus Market, which was well on its way to being one of the top markets, suddenly disappeared in Q3,” the report noted. “There is speculation that the disappearance was an exit scheme initiated by the market’s administrators to steal money from their own vendors and customers.”

At the same time, several individual sellers have moved away from large markets and have opened their own specific marketplaces, McAfee said.

“They hope to fly under the radar of law enforcement and build a trusted relationship with their customers without the fear of a quick exit by the market owners,” according to the report. “This shift has sparked a new line of business: Defiant website designers who offer to build hidden marketplaces for aspiring vendors.”

Stolen digital data, which drives much of the profits, will continue to be a key motivator both in large markets and more niche underground hacker forums, McAfee noted. The forums, which are less accessible to the public and focus on cybercrime-related topics, thrive mainly on leaked user credentials.

“Credential abuse is one of the most popular topics on the underground scene, and the large data breaches we read about help maintain this popularity,” the report noted. “The use of valid accounts makes it child’s play for cybercriminals to access and take over an individual’s personal life.”

Cybercriminals often show an interest in email accounts because these are regularly used to restore login credentials for other online services, the research found. “Password reuse, not enabling two-factor authentication, and failing to change passwords on a regular basis are the main factors that make these attacks so effective.”

CVE discussions are popular too, the research found, with recently published vulnerabilities becoming hot topics in discussions of browser exploit kits—RIG, Grandsoft and Fallout—and of ransomware, especially GandCrab.

“In the English-speaking, less technical underground forums we observed several discussions of old CVE implementations in familiar tools such as Trillium MultiSploit,” McAfee said. “These threads show that cybercriminals are eager to weaponize both new and old vulnerabilities. The popularity of these topics in underground forums should warn organizations to make vulnerability management a priority in their cyber-resilience plans.”

Authors

Threatpost
